[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> As a side note, I had a machine attacked recently with a pseudo-successful
> compromise and the only three services that could be seen outside the
> firewall were proftpd 2.1.0rc3 and qmail SMTP and qpop3D. (ssh was also
> there)
>
> Our best guess right now is that it was an attack from a user who has ssh
> access on the system...other than that, those three/four ports should not
> have been the source of the compromise -- certainly not qmail or qpop3d --
> maybe proftpd.
Proftpd has had several remote root exploits over the last eighteen months or
so. Granted, the reported ones have been fixed, but with that kind of a track
record, what are the chances that there are zero vulnerabilities left?
I'd strongly suspect proftpd in this case.
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------